Secure Coding


Duration: 2 - 3 days

This course starts by exploring the need to design and develop secure systems and then lists common errors. A case study is presented at the outset to help participants identify potential security holes in software, from the design phase to the implementation phase, by thinking along the lines of an attacker.

A feature of each of our courses is the inclusion of hands-on exercises that reinforce each of the concepts presented, including security principles and the good and to-be-avoided practices covered in the programming language-specific modules.

NOTE: Language-specific modules are presently available for C/C++, Perl, Java and PHP.

The emphasis here is primarily on the way of thinking necessary for developing secure applications from a practical perspective.

This course is designed and developed for developers. The objectives are:

  • Increasing awareness about the need for secure systems
  • Understanding the secure life cycle
  • Focusing on common coding errors
  • Practising security techniques such as Threat Modelling
  • Understanding design-time aspects
  • Implementing secure coding principles

Target Audience
  • Developers (Intermediate-Advanced)
  • Anyone looking for practical advice on implementing secure coding practices.

Prerequisite
  • Familiarity with coding in any programming language

 

Course Outline

Schedule : Day 1
Secure Systems: Everyone's responsibility
  • The need for secure systems
  • Common security errors
    • Bounds checking
    • Buffer Overruns - What's the real story?
    • Cryptographic foibles
    • Implementation bugs
  • Secure Life Cycle
  • A Case Study
  • Concluding Thoughts: Day 1
  • Question & Answer Session
 
Schedule : Day 2
Secure Design: Principles and Techniques
  • Principles of robust programming
  • Security Techniques
    • Threat Modelling Methodology
      • Attack Trees
      • Hoglund and McGraw Attack Patterns
    • Design-time aspects
      • Core processes
      • Persistent data
      • Communication channels
      • Non-persistent (ephemeral) data
    • Review
    • Question & Answer Session
 
Schedule : Day 3
Safe Practices: Features to avoid
  • Safe C / C++
  • Safe Perl / CGI
  • Safe Java
  • Safe PHP
  • Preventing HTML from Tampering
  • *nix Key Component libc: Shared Libraries
  • Analysis: Fragile vs. Robust code
    • The Queue Structure
    • Checking for race conditions in file access
  • Summary: Checklist
  • Question & Answer Session
  • Feedback

For further information please contact us at